Symantec AntiVirus Corporate Edition vulnerable to flaw

The vendor is investigating reports of a "high-severity" flaw in its AntiVirus Corporate Edition product. Attackers could exploit it to launch malicious code.

Attackers could launch malicious code to gain system-level privileges by exploiting a flaw in Symantec AntiVirus Corporate Edition 10, Aliso Viejo, Calif.-based eEye Digital Security Inc. has warned in an advisory.

The company labeled the security hole "high-severity" and Cupertino, Calif.-based Symantec Corp. said it is investigating eEye's findings. Details on the exact nature of the vulnerability were not immediately available.

"This flaw does not require any end-user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system-level access," eEye said in its brief advisory.

In its advisory detailing the AntiVirus Corporate Edition 10 flaw, Symantec said its Norton products "do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue." The company said its product teams are investigating and, if necessary, "we will provide updates for all currently supported products to resolve this issue."

Symantec added that it's not aware of any customers that have been affected by the flaw. "There is no known exploit code currently in the wild that takes advantage of this reported vulnerability," the company said.

For now, Symantec said AntiVirus Corporate Edition customers can mitigate the threat by:

  • Blocking external access at the network boundary, unless external parties require service.
  • Filtering access to the affected computer at the network boundary if global accessibility is not required.
  • Restricting access to only trusted computers and networks.
  • Deploying network intrusion detection systems (IDS) to monitor network traffic for malicious activity.
  • Not accepting or executing files from untrusted or unknown sources.
  • Avoiding the acceptance of or executing files that originate from users of questionable integrity.

    This article originally appeared on SearchSecurity.com.

  • Dig deeper on Lotus Notes Domino Antivirus Software and Virus Protection

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    Search400

    • iSeries tutorials

      Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

    • V6R1 upgrade planning checklist

      When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

    • Connecting multiple iSeries systems through DDM

      Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

    SearchEnterpriseLinux

    SearchDataCenter

    SearchExchange

    SearchContentManagement

    Close